For senses, 'I only trust what I can touch with my own hands, or see with my own eyes' is one example, and counterfeit goods, photoshopped images and 'deep fake' videos show that it isn't a very reliable way to assess whether something is genuine.
For systems, a time-stamped published blog post seems like it might be a modern digital equivalent of the classic 'Photo of a newspaper fixes the earliest possible date when the photo could have been taken...' scenario. So a blog post, which is stamped with the time and date that it was published, might seem to be a good way of showing when you first published a thought, idea or comment.
Unfortunately, the design of many systems is not perfect, and sometimes they don't do what they appear to do. Blog posts, for instance. The time and date that are shown in Google Blogger (which is what I use to publish this blog) are when the post was first published. Any changes after that do not change the time or date, because a blog (from 'web log') is meant to be a series of 'diary'-like entries, and you don't generally edit your diary... So the design of a blogging application (or program, as they used to be called!) has a time-stamp for the publishing date as a key requirement, but there's no requirement at all for time-stamping any edits, and in fact, if you did change the time-stamp for each edit, then it would stop being a log. Even worse, suppose that a picture, photo, graphic, web-site, web-page, or an article in the published blog post was replaced or updated (the original disappeared, for instance): changing the publishing date would then change the time and date of the blog post even though none of the major part of the text has changed. What happens when a different advert is placed in the blog post?
So, by design, the time-stamping in Google Blogger (and many other blogs) is a useful way to find out when a blog post was first published. But that is all. Any subsequent edits are probably not reflected in the 'published on' time and date stamp.
A security-minded person looks at this design and sees a flaw. Most people will look at the 'published on' time and date stamp and assume that it means when the blog post was published. The analogy with the time and date printed at the top of a newspaper is firmly locked in many people's minds. Even if edits were time-stamped, how do you know you can trust the time-stamping process? Winding back the date on a computer so that '30-day' trials of software continue to work is a very old approach - and triggers an interesting 'vulnerability/mitigation' escalation 'ladder' if you try to stop it happening. These things boil down to: 'How much time and effort is it worth to you, trying to make this perfect?', because whatever you do to try and secure your time-stamp will probably introduce one or more new possibilities for subverting it, albeit with more required effort. And nothing is perfect!
So, if you look at this blog post, from the 2nd of October 2018, you will see an edit that I made today to a blog post from more than 2 years ago... but the published date and time were not affected. As you can see, it looks like I had a bad feeling about 2020 way back in 2018 - or maybe I didn't and I just edited the blog post. Does this prove anything? Well, it proves this:
Don't trust blog posts - except blog posts that tell you not to trust blog posts!
So editing is easy! And a little bit of 'thinking ahead' provides an interesting principle: if you publish a blog post a few times every month for a few years, then you can go back at any time in the future and edit it to say anything at all! I'm now wondering what I should predict next...
The Catch!
This wouldn't be a security blog post if there wasn't a 'gotcha'! Yep, whilst Google Blogger (or other blog apps) display the time-stamp for when the post is published, there are ways to find out when it was altered as well. The Internet 'Wayback Machine' grabs web-pages (only 439 billion or so - not all of them!) and so can be used as a 'view into the past' - but it also allows pretty detailed investigations of when something has been changed. Now hacking the Wayback Machine is a possibility to cover tracks, but...
This is probably a good moment to remind you that useful resources like the Wayback Machine need money, so I encourage you to go to the web-page and donate! I have donated!
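One way to carry out the kind of investigation described above, as an added example that is not part of the original post: the Wayback Machine's CDX API lists each capture of a URL with a timestamp and a content digest, so a digest change between two captures brackets the period in which the page was altered. The capture rows, digest strings and the published date used below are constructed sample values.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

def cdx_query_url(page_url):
    """Build the CDX query listing every capture's timestamp and digest."""
    return CDX_ENDPOINT + "?" + urlencode(
        {"url": page_url, "output": "json", "fl": "timestamp,digest"})

def parse_ts(ts):
    """Wayback timestamps are 14-digit UTC strings: YYYYMMDDhhmmss."""
    return datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def change_windows(rows, published):
    """Return (last_seen_old, first_seen_new) pairs where the archived
    content changed after the displayed 'published on' time.
    rows is the decoded JSON answer; rows[0] is the header row."""
    if not rows:                      # no captures at all: nothing to compare
        return []
    header, captures = rows[0], rows[1:]
    ts_i, dg_i = header.index("timestamp"), header.index("digest")
    ordered = sorted((parse_ts(r[ts_i]), r[dg_i]) for r in captures)
    windows = []
    for (t_old, d_old), (t_new, d_new) in zip(ordered, ordered[1:]):
        if d_old != d_new and t_new > published:
            windows.append((t_old, t_new))
    return windows

# Constructed sample: what a CDX answer could look like for a post that
# displays a 2 October 2018 publishing date but was edited in late 2020.
PUBLISHED = datetime(2018, 10, 2, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    ["timestamp", "digest"],
    ["20181003120000", "CONSTRUCTED-DIGEST-A"],
    ["20190601000000", "CONSTRUCTED-DIGEST-A"],
    ["20201120000000", "CONSTRUCTED-DIGEST-B"],
    ["20210105000000", "CONSTRUCTED-DIGEST-B"],
]

if __name__ == "__main__":
    for old, new in change_windows(SAMPLE_ROWS, PUBLISHED):
        print(f"content changed between {old:%Y-%m-%d} and {new:%Y-%m-%d}")
```

The digest covers the whole archived response, so a swapped advert or template tweak changes it just as an edit to the text does; treat each window as a prompt to compare the two snapshots, not as proof that the words changed.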
---
Whilst you are thinking about donating to the Internet Wayback Machine, if you also find my writing helpful, informative or entertaining, then please consider visiting the following link for my Synthesizerwriter alias (I write several blogs, but it makes sense to only have one 'Coffee' donation link!):